
How to access ports on hosts from a Docker container – CloudSavvy IT




When a container talks to the outside world, Docker makes the request appear to come from the host machine. But if you want to access processes that run on the host itself, your firewall may need a little extra configuration.

Solution: Add a firewall rule for 172.18.0.0/16

If you just tried to access a process running on the host, such as an HTTP service, you may have been blocked. This is because even though Docker containers run on the host, they use special networks under the hood to keep them logically separated, and therefore they have different IP addresses.

You can see this when running ifconfig: you'll see your usual network interface, but also a docker0 interface. By default, Docker uses the 172.18.0.0/16 block to allocate container IP addresses.


The fix is very simple: open this range in your firewall. Requests from the IP range that Docker uses are likely being blocked. It is a private IP address range, so there is minimal risk in having it open. For UFW, that would be:

sudo ufw allow from 172.18.0.0/24

Optionally specify a port to open:

sudo ufw allow from 172.18.0.0/24 to any port 9200
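To keep the opening as narrow as possible, the rules can be generated from the subnets Docker actually reports on the host instead of a hard-coded range. The script below is an added example, not part of the original article; the function names and the sample network list are constructed for illustration, and it only prints the UFW commands for review rather than applying them.

```shell
#!/bin/sh
# Added example: print port-scoped UFW rules for the subnets Docker really uses.
#
# On a real host, feed ufw_rules with "name subnet" lines from:
#   docker network inspect \
#     -f '{{.Name}} {{range .IPAM.Config}}{{.Subnet}}{{end}}' $(docker network ls -q)
# The list below is a constructed sample of that output.
SAMPLE_NETWORKS='bridge 172.17.0.0/16
myapp_default 172.18.0.0/16
host
none'

# is_private_cidr CIDR -> succeeds only for RFC 1918 IPv4 prefixes, so a
# mistyped or public range never ends up in an allow rule.
is_private_cidr() {
    case "$1" in
        10.*/*|192.168.*/*) return 0 ;;
        172.1[6-9].*/*|172.2[0-9].*/*|172.3[01].*/*) return 0 ;;
        *) return 1 ;;
    esac
}

# ufw_rules PORT -> reads "name subnet" lines on stdin and prints one
# TCP allow rule per Docker subnet, limited to the given host port.
ufw_rules() {
    port=$1
    case "$port" in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;;
    esac
    while read -r name subnet; do
        # Networks such as "host" and "none" have no subnet: nothing to allow.
        [ -n "$subnet" ] || continue
        if is_private_cidr "$subnet"; then
            echo "ufw allow proto tcp from $subnet to any port $port comment 'docker:$name'"
        else
            echo "skip $name: $subnet is not a private range" >&2
        fi
    done
}

# Print the rules for the constructed sample; review them before running with sudo.
printf '%s\n' "$SAMPLE_NETWORKS" | ufw_rules 9200
```
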

For iptables, it would be:

iptables --append INPUT --protocol tcp --src 172.18.0.0/24 --jump ACCEPT

For managed hosting services like AWS, you may not need to change anything – security groups are network firewalls that sit in front of instances and should not affect internal traffic.

